HOUNDING TEENAGE HACKERS
DON'T PLUG THOSE
LEAKY COMPUTERS
12/10/84
THE PETULANT BOYS AND GIRLS WHO PLAY IN THE SANDBOX CALLED
THE U.S. SENATE GOT INTO ONE OF THEIR TYPICAL TEMPER TANTRUMS
IN THE LAST HOURS OF THE 98TH CONGRESS THIS FALL. THEY WERE
SO BUSY SHOUTING AND CALLING EACH OTHER NAMES THAT NOBODY
SEEMED INTERESTED IN PASSING ANY LEGISLATION.
IN DESPERATION, THE SENATE LEADERSHIP DECIDED THAT THE
ONLY WAY TO MAKE THESE MATURE, RESPONSIBLE PUBLIC SERVANTS DO
THEIR WORK WAS TO HOLD AN ALL-NIGHT SESSION. A LONG LINE OF
COTS WAS SET UP IN THE CAPITOL CORRIDORS. BETWEEN CATNAPS,
OUR ELECTED LEADERS VOTED ON BILLS AND AMENDMENTS. IN THESE
ABSURD CIRCUMSTANCES THE CONGRESS PASSED AN ABSURD PIECE OF
COMPUTER LEGISLATION.
THE NEW CRIMINAL STATUTE EMPOWERS THE TRW, WHICH
PRESUMABLY HAS NOTHING BETTER TO DO, TO SNOOP AROUND
THOUSANDS OF COMPUTER "BULLETIN BOARD" SYSTEMS TO PROSECUTE
COMPUTER "HACKERS" WHO ARE ALLEGEDLY ABUSING CORPORATE AND
GOVERNMENTAL COMPUTER SYSTEMS FROM COAST TO COAST.
THE PROBLEM, TO THE EXTENT IT IS A PROBLEM, IS THIS:
THOUSANDS OF COMPANIES, SCHOOLS, AND GOVERNMENT AGENCIES HAVE
TELEPHONE HOOKUPS THROUGH WHICH THEIR CUSTOMERS AND EMPLOYES
CAN CALL A CENTRAL COMPUTER TO GET INFORMATION OR LEAVE
MESSAGES.
A COMMON EXAMPLE OF SUCH A SYSTEM WOULD BE A NATIONAL
RETAIL CHAIN WITH HEADQUARTERS IN NEW YORK CITY. THE CHAIN'S
DUBUQUE STORE CAN CALL THE COMPUTER IN NEW YORK TO PLACE AN
ORDER, CHECK ADVERTISING COPY, OR WHAT HAVE YOU.
EACH SYSTEM HAS SOME SECURITY ARRANGEMENTS TO FEND OFF
UNWANTED CALLERS. TO GET INTO THE WASHINGTON POST'S NEWSROOM
COMPUTER, FOR EXAMPLE, YOU NEED TO KNOW THE PHONE NUMBER, AND
THEN TYPE IN TWO SEPARATE PASSWORDS -- KNOWN ONLY TO THE USER
-- BEFORE YOU CAN BE CONNECTED.
THERE HAS BEEN A PROBLEM OF COMPUTER HACKERS AROUND THE
COUNTRY TRYING TO PENETRATE SOME OF THESE CENTRAL SYSTEMS.
SOME HACKERS EVIDENTLY DISCOVERED A NUMBER AND A PASSWORD TO
GET INTO THE TACO BELL COMPUTER, PRESUMABLY ENABLING THE
INTRUDER TO ORDER 5,000 CASES OF HOT SAUCE OR SOME SUCH.
THE MOST INFAMOUS INSTANCE TO DATE CAME EARLIER THIS YEAR
WHEN SOME HACKERS OBTAINED A NUMBER AND PASSWORD ENABLING
THEM TO RUMMAGE AROUND IN THE ELECTRONIC RECORDS MAINTAINED
BY TRW INFORMATION SERVICES, A BIG CREDIT AGENCY THAT HAD
NAMES AND CREDIT NUMBERS OF SOME 90 MILLION PEOPLE.
ALARMED BY SUCH HAPPENINGS, OUR BENIGHTED CONGRESSPEOPLE
ROSE FROM THEIR COTS AND PASSED A LAW MAKING IT A FEDERAL
OFFENSE -- WITH UP TO A YEAR IN JAIL FOR FIRST OFFENDERS --
TO GAIN "UNAUTHORIZED ACCESS" TO ANY PRIVATE OR GOVERNMENTAL
DATA BANK CONTAINING PERSONAL OR CORPORATE FINANCIAL RECORDS.
THIS LAW IS A CLASSIC CASE OF SHOOTING AN ICBM AT A
MOSQUITO -- AND FIRING WIDE. EVEN IF THE SITUATION WERE
SERIOUS ENOUGH TO BRING ON THE G-MEN, THE STATUTORY SOLUTION
CONGRESS HIT ON CANNOT WORK BECAUSE IT IS AIMED AT THE WRONG
PEOPLE.
GRANTED THERE ARE SOME BAD APPLES OUT THERE IN HACKERLAND.
FOR THE MOST PART, THOUGH, THE PEOPLE MAKING THIS
"UNAUTHORIZED ACCESS" ARE 15-YEAR-OLD COMPUTER "PHREAKS" WHO
ARE DOING IT SOLELY FOR THE INTELLECTUAL CHALLENGE. IT'S A
KIDS' GAME. BUT NOW CONGRESS IS DISPATCHING THE FBI TO TRACK
DOWN THESE EVIL MISCREANTS AND SHIP THEM TO LEAVENWORTH.
THE REAL PROBLEM WITH "UNAUTHORIZED ACCESS" IS NOT THIS
CORPS OF PRECOCIOUS KIDS TYPING AWAY AT THEIR COMMODORES BUT
RATHER THE CORPORATE COMPUTER TYPES WHO DESIGNED THE LEAKY
CENTRAL SYSTEMS THE HACKERS ARE INVADING.
IT IS NO GREAT TRICK TO SET UP A COMPUTER SYSTEM THAT
CAN'T BE PENETRATED. IF YOU CREATE A SERIES OF PASSWORDS,
PROTECT THEIR SECRECY, AND CHANGE THEM REGULARLY, YOU CAN
FRUSTRATE JUST ABOUT ANY UNAUTHORIZED INTRUDER.
MANY OF THE SYSTEMS OPERATING NOW, THOUGH, TREAT SECURITY
AS A JOKE. TRW, FOR EXAMPLE, SAYS ITS CREDIT RECORDS ARE
GUARDED AS CAREFULLY AS POSSIBLE. BUT INFOWORLD MAGAZINE
REPORTED THAT A "SECRET" TRW PASSWORD MAY HAVE BEEN PRINTED
ON CREDIT REPORTS ROUTINELY GIVEN TO PEOPLE APPLYING FOR A
CREDIT CARD AT SEARS, AMONG OTHER PLACES. IT SAID THE SAME
PASSWORD WAS PASSED AROUND FOR MONTHS, BUT THAT TRW DID NOT
BOTHER TO ISSUE A NEW ONE.
A GARDEN GROVE, CALIF., CONSUMER NAMED BURT MAZELOW HAS
SUED TRW FOR FAILING TO PROTECT HIS CREDIT RECORDS FROM
SNOOPERS. WITHOUT PREJUDGING THIS PARTICULAR CASE, ONE CAN
SAY THAT MAZELOW HAS FOUND A MUCH MORE INTELLIGENT APPROACH
TO THE PROBLEM THAN OUR SLEEPY SENATORS CAME UP WITH.
IF THE PROBLEM OF "UNAUTHORIZED ACCESS" IS TO BE STOPPED,
IT'S PATENTLY OBVIOUS THAT CHANGES WILL HAVE TO COME AT THE
CENTRAL-COMPUTER LEVEL. INSTEAD OF HOUNDING RAMBUNCTIOUS KIDS
GIVING THEIR COMPUTERS A WORKOUT, THE GOVERNMENT SHOULD
ATTACK THIS PROBLEM AT THE SOURCE: THE CORPORATE AND
GOVERNMENTAL BUREAUCRACIES THAT HAVE BEEN TOO DUMB OR TOO
CHEAP TO MAKE SURE THAT PRIVATE INFORMATION IS REALLY
PRIVATE.